Since the highly publicized attack on the Los Angeles-area hospital on Feb. 5, three more ransomware attacks have targeted hospitals in the United States. IT systems at Methodist Hospital in Henderson, Kentucky, Chino Valley Medical Center and Desert Valley Hospital, both in California, have been infected with ransomware. The hackers deployed the malware across the internal network to encrypt vital medical records of hospital patients and demand money to unlock them.

David Park, Chief Operating Officer of Methodist Hospital in Henderson, Kentucky, told WFIE 14 News that hackers copied patients’ medical files, locked the new copies and then deleted all the originals. Brian Krebs reported that the hospital’s website had a scrolling notification to visitors in bright red that they were under an “internal state of emergency due to a computer virus.” Park initially told Krebs the hospital hadn’t ruled out paying the ransom, but he told WFIE 14 News the hospital didn’t pay it. According to Krebs, the ransom was only four bitcoins, which equals about $1,600. That’s significantly less than the 3.6 million demanded by Hollywood Presbyterian hackers.

The hospital’s decision not to pay the ransom is one increasingly debated these days, though. A recent ThreatTrack study of mid-market enterprise cybersecurity practices found that nearly one in three security pros were willing to negotiate with cybercriminals to recover stolen or encrypted data.

The study also revealed that respondents in organizations already targeted by such schemes (38% of all respondents) were far more willing to play ball. In fact, 43% even went as far as to say companies should “set aside funds for negotiating with cybercriminals who steal, encrypt or threaten to sell their data.”

A screen shot of the hospital’s website, which had a scrolling notification to visitors in bright red that they were under an “internal state of emergency due to a computer virus.”

The Kentucky and LA hospitals aren’t alone in their plight. Two California hospitals were hit with malware attacks on Friday March 18th, according to a report by HealthcareFinance. The article states that the malware “disrupted servers” and resulted in “some IT systems” being shut down so the infection could be contained. Prime Healthcare Services Inc., the hospital chain that owns both hospitals, said the FBI was contacted immediately, but would not comment on whether the malware was ransomware or even what ransom amount was being demanded.

Prime Healthcare Spokesperson Fred Ortega did compare the malware-infecting attack as being “similar to challenges hospitals across the country are facing.” Although Ortega is keeping mum, an inside source confirmed to the Los Angeles Times that it was ransomware.

So how can organizations avoid becoming among the drones of organizations being infected by ransomware?

“In the case of ransomware, once that particular exploit is taken advantage of and a beachhead established, then it’s going to be normal protocols that go from that compromised asset to other parts of your network,” ThreatTrack Chief Product Officer Usman Choudhary explained. “Malware attacks will progress and hackers will continue to exploit organizations through ransomware. That’s why implementing a solution for network traffic analysis and monitoring patterns of traffic beyond just the initial beachhead, which may potentially be a malware or some sort of an exploit, is really part and parcel of the solution.”

But that’s not all many companies are doing for an extra layer of protection. ThreatTrack’s recent ransomware study revealed a whopping 74% believe cybersecurity insurance firms should offer policies that provide a third party to negotiate on their behalf for the return of their data in the event of a cybercrime extortion incident.

Learn more about the survey results and how they increased from last year’s study here.